ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Chart MPL

v1.1.0

Generate PNG/SVG charts (line, bar, hbar, pie, stacked, scatter, area) from CSV data using matplotlib. Use when the user asks to visualize tabular data, prod...

0· 186·0 current·0 all-time
byUmbra@mohamed-hammane
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, required binary (python3), SKILL.md usage, and included scripts all align: the skill provides a Python script that reads CSV and renders charts with matplotlib — this is coherent and expected.
Instruction Scope
SKILL.md instructs creating a venv in ~/.openclaw/workspace/.venv_chart, installing matplotlib, and running the bundled script against a provided CSV. Those steps are within scope. It does write outputs to ~/.openclaw/workspace/exports/images (or to a user-specified --out). The audit is limited because the provided scripts/chart_mpl.py was truncated in the package listing, so the latter part of runtime logic (after beginning of scatter branch and any remaining code) could not be inspected.
Install Mechanism
No install spec is present (instruction-only); the SKILL.md recommends a venv and pip install matplotlib. There is no external download of code — the script is included in the package — so install risk is just the normal PyPI install of matplotlib and its dependencies.
Credentials
The skill requests no environment variables or credentials. It reads CSV files supplied by the user and writes image files to the workspace or a user-provided --out path, which is proportionate to the stated purpose.
Persistence & Privilege
always:false and user-invocable:true. The skill creates its own venv and output directories under ~/.openclaw/workspace, which is a reasonable level of persistence and scoped to its own files; it does not request elevated platform privileges.
What to consider before installing
This skill appears to do what it claims (create charts from CSV) and relies on a bundled Python script plus matplotlib. However, the provided script content was truncated in the package listing, so you should not run it unreviewed. Before installing or running: (1) review the full scripts/chart_mpl.py file for any subprocess, networking, or filesystem operations beyond reading the CSV and writing the image (search for os.system, subprocess, socket, requests, urllib, open to unexpected paths, or code that posts files); (2) run pip installs inside an isolated virtual environment or sandbox; (3) if you will supply CSVs exported from other skills, ensure those CSVs don't contain sensitive data you don't want processed or written to disk; (4) consider running the script on a non-production machine first. If you can provide the complete script (no truncation), I can re-evaluate and raise confidence to high if nothing suspicious appears.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

CH Clawdis
Binspython3
latestvk977g2wszrpk664p0aeet5pnvh847x89
186downloads
0stars
2versions
Updated 2w ago
v1.1.0
MIT-0
Umbra@mohamed-hammane
latest
Download

Chart MPL

Generate chart images from CSV files with scripts/chart_mpl.py.

Setup

Create a virtual environment and install matplotlib (one-time):

python3 -m venv ~/.openclaw/workspace/.venv_chart
~/.openclaw/workspace/.venv_chart/bin/pip install matplotlib

Quick start

Run from workspace root:

~/.openclaw/workspace/.venv_chart/bin/python skills/chart-mpl/scripts/chart_mpl.py \
  --csv /path/to/data.csv \
  --xcol Mois \
  --ycol Valeur \
  --kind line \
  --title "Monthly trend" \
  --xlabel "Month" \
  --ylabel "Value"

Output defaults to: ~/.openclaw/workspace/exports/images

Inputs

  • --csv path to CSV file
  • --xcol column for X axis
  • --ycol numeric column(s) for Y axis — comma-separated for multi-series (e.g. Sales,Costs)
  • --kind chart type: line, bar, hbar, pie, stacked, scatter, area
  • Optional: --delim if auto-detection fails (;, ,, \t, |)
  • Optional: --out custom output path (PNG or SVG — format detected from extension)
  • Optional: --title, --xlabel, --ylabel
  • Optional: --top N show only top N categories by value (bar, hbar, pie, stacked). Multi-series ranks by row total.
  • Optional: --sort sort data before plotting: x-asc, x-desc, y-desc, none (default: none)
  • Optional: --numfmt number format on Y axis: fr (1,5M) or en (1.5M) — default: fr

Chart types

KindDescriptionMulti-series
lineLine chart with markersyes
barVertical bar chart (grouped when multi-series)yes
hbarHorizontal bar chart (grouped when multi-series)yes
piePie chart (first Y column only)no
stackedStacked vertical bar (requires 2+ Y)yes
scatterScatter plotyes
areaFilled area chartyes

Notes

  • Script auto-detects delimiters when possible.
  • Script tolerates European and US numeric formats (1 234,56, 1,234.56).
  • Non-numeric values in ycol are converted to NaN with a warning.
  • Handles BOM-encoded CSV files (utf-8-sig).
  • Multi-series charts automatically show a legend and cycle through an 8-color palette.
  • Y-axis ticks use human-readable formatting (K, M, G suffixes) with French or English decimals.
  • --top N keeps the N highest categories. For pie charts, the remainder is aggregated into an "Other" slice. For bar/hbar/stacked, the rest are excluded.
  • Output format (PNG or SVG) is detected from the --out file extension. Default is PNG.

End-to-end flow with SQL skill

  1. Export query result to CSV using the mssql skill.
  2. Run this script on that CSV.
  3. Share the generated PNG path.

Comments

Loading comments...